JULY 2023 – ARTICLES & ITEMS OF INTEREST

THE LEGAL QUALITY STANDARD OF IRELAND

JULY 2023 – ARTICLES & ITEMS OF INTEREST

NEW SOLICITORS ACCOUNTS REGULATIONS

In the Summer Edition of the Parchment, Niall Cawley offers guidance on the new Solicitor Account Regulations and as previously flagged, the LQSI final compliance webinar for 2023 will be on Tuesday 5 December 2023 when we will be joined by a representative from the Law Society to give an update on the new Solicitors Accounts Regulations.

In the recent edition of the Parchment, Niall Cawley discusses the new SARs under the following headings:-

When do they apply to you? – If your year end is the 31 October, then the new regulations will apply from the 1 November 2023 and the old regulations will apply until then.

• The Balancing Date – currently every 6 months you have to bring your ledger cards into balance, all ledger cards for the client balance must be positive or zero and all ledger cards for the office account must to be negative or zero, the balancing date requirement has been increased to every three months.
• Holding Client Monies (Regulation 5) – Monies may only be held for the provision of legal services.
• Solicitors own funds (Regulation 5) – You may not as a Solicitor place your money in the Client’s Account.
• Solicitor Employees – Any Solicitor who is any employee, who in the course of his/her work handles client funds or non-controlled trust monies or insolvent arrangement monies is subject to these obligations personally.
• Salaried Partner – from a regulatory point of view a salaried partner is fully liable as a partner in the practice.
• Historical Balances (Regulation 5) – The new provision provides that you must return the money to a client within 6 months after the completion of the Legal Services.
• Client’s authority to withdraw funds
• Round Sum Withdrawals – these are prohibited.
• Deficits and Notice to the Law Society – Prohibition of deficit in the client account. Niall Cawley states you have to notify the Law Society within 7 days of your being satisfied that the deficit cannot be rectified.
• Records and Cash – Obligation to maintain records of all EFTs both given and received.
• Authorised signatories – must be a partner or sole practitioner, a person who is not a solicitor may sign in exceptional circumstances and only with the prior approval of the Law Society.
• The two years rule regulation – Obligation on your reporting accountants to identify in their report any historic balances in excess of 2 years following the completion of legal services, the report must detail the reason for the balance and they must be signed off by the Principal/Sole Practitioner or Compliance Partner.
• AML
• Computer Back Up – must maintain backups of accounting records on a computerised system and they must be maintained securely other than at the Practices Office Premises.
• Reporting Deadline – Within 5 months of the year end – you can within 14 days of the expiry date request an extension of a month.
• Reporting Accountants – the article sets out a number of substantial changes.
• Borrowing from clients
• Registers – must maintain an undertaking register identifying the client and undertaking completion.
• Investigations – tightening-up of investigations discussed.

The above is only a brief synopsis, to view this article in full see https://issuu.com/256media/docs/parchment_summer_2023-flipbook?e=16581915/97470438

WHAT TECHNICAL MEASURES ARE MOST RELEVANT FOR LEGAL PRACTICES TO HELP PREVENT CYBER-CRIME

In the July edition of the Law Society Gazette, Tanya Moeller, Nicola Kiely and Deborah Leonard have written a second article in their series on fighting cybercrime in the office titled ‘Stress Test’.

In their first article they looked at how important it is for employees to understand that human behaviour is key to keeping firms safe.  Technical measures complement such essential organisational awareness and prevention, and this article discusses what type of technical measures are most relevant for practices.

• Physical access restrictions to IT assets, such as securing windows and doors appropriately, installing CCTV, or locking laptops with a laptop cable overnight. Retired devices should be safely destroyed if files are stored on the hard drive. Firms should consider maintaining a log of work laptops and work-related mobile devices.  Consider appointing an employee to maintain and control this log.
• If the staff of your law firm frequently work outside the office or their home, you should consider using a ‘virtual private network’ (VPN), ideally in combination with a mobile hotspot. Also the use of privacy screens which are thin sheets of plastic that adhere to the monitor of your laptop, these obscure the monitor and should be used in crowded settings e.g. public transport. All devices should automatically lock if unused for a short period of time.  Work information should be deleted from that device at the end of employment
• Storing files on a hard drive or using USB sticks or portable electronic storage devices should be discouraged, as they can be easily accessed, lost, or stolen, and they can be carriers of corrupted files. As part of overall device management, firms should consider how they are passing equipment between their employees.
• Access to information by staff to files should be centrally controlled, so that it is limited to only what is strictly necessary. Equally, at the end of the employment, cloud-based access should no longer be possible and all devices should be returned, using your device log.
• Firewalls should be in place. Firewalls screen information based on a set of security rules.  They act as a barrier between your device and the internet to protect against unauthorised access by an outsider.
• Antivirus, or anti-malware should be in place, this software works by detecting and deleting malicious software, such as viruses, ransomware, or Trojans.
• It is recommended that hard drives are encrypted ‘at rest’, in case a device does get stolen and information was saved by a user on a hard drive, contrary to policy.
• Electronic devices should be updated regularly, as updates include security features that will patch an identified vulnerability.
• Law firms should evaluate the extent to which the use of a third-party service provider poses a risk to their information.

The above is just a brief synopsis of the points raised in the article, to view all the key information in full see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2023/july-2023-gazette.pdf#page=49

PROTECTION OF SOLICITORS’ CLIENT ACCOUNTS IN CONVEYANCING TRANSACTIONS

Issue 151 of the Law Society of Ireland eZine dated 18 July 2023 published a practice note from the Conveyancing Committee titled ‘Protection of solicitors’ client accounts in conveyancing transactions’.  It refers to the fact that the Conveyancing Committee has received reports that funds are being paid by purchasers or other third parties uninvited to the vendor’s solicitor’s client account.  This is occurring due to the fact that the proposed purchaser can access these account details in the special conditions of the Contact for Sale and then take it upon themselves to make a direct payment.

The committee wishes to remind practitioners that payments from or on behalf of a purchaser should be routed through that party’s solicitor. Having regard to the AML obligations, any alternative arrangements should only be operated with the express consent of the vendor’s solicitor.

• Solicitors should therefore endeavour to avoid sharing another firm’s client account details with their client or other third party unless this has been agreed in advance.
• Where the vendor’s solicitor wishes to include account details in the Contract, it is prudent that the bank account number should not be included in totality e.g. redact the last four digits necessitating further verification action.

To view this practice note see https://www.lawsociety.ie/Solicitors/knowledge-base/Practice-Notes/protection-of-solicitors-client-accounts-in-conveyancing-transactions/?utm_source=Email&utm_medium=Email&utm_campaign=Email

ENSURE BANK ACCOUNT DETAILS ARE SECURELY OBTAINED AND VERIFIED

O’Leary’s Insurance has issued its third newsletter for 2023.  The latest newsletter details a cyber-security claim that was brought to a successful conclusion and two recent case studies.

One of the case studies details yet another instance where money was transferred without verifying the validity of the request or bank details over the phone.  The newsletter states “A member of staff with authority to transfer funds received an email purporting to be from a client. The email requested a transfer of €60,000 urgently. Under pressure, the member of staff made the transfer without verifying the validity of the request or the bank details over the phone. Soon after the criminals requested higher amounts, and the employee tried to transfer same. Thankfully there were insufficient funds and the transfers could not be made. However the original transfer was not recovered. This amount was indemnified by Cyber Insurance.”

To view this newsletter see  https://www.olearyinsurances.ie/contentFiles/newsFiles/Q3_2023_Cyber_Matters_Newsletter.pdf

Please note that the LQSI hosted a cyber webinar on 26 July 2023 wherein we were joined by two cyber experts, Cathal Clancy from Zenotec and Brian O’Mara from O’Leary Insurance, if you missed this, it is available in the LQSI members’ area.

ARE YOUR FIRM’S EMPLOYEE POLICIES AND PROCEDURES UP TO DATE

Geraldine Carr and Denise Moran consider the key learnings and takeaways for employers in a recent sexual harassment decision (O’Brien V Deadline Direct Ltd t/a Deadline Couriers) where a complainant was awarded the maximum compensation amount of 2 years’ remuneration.  This case serves as a cautionary reminder for employers to take action to prevent harassment and discrimination in the workplace.  It further highlights the importance of investigating such allegation and concluding the process even where the alleged perpetrator resigns.

The article sets out the circumstances of the case and importantly sets out the Key Points for Employers to take from the case.  The following is a brief synopsis of the Key Points:-

• Ensure that employees are provided with an Employee Handbook containing all relevant and necessary policies and procedures, including bullying and harassment, grievances policy and disciplinary policy. The Employee Handbook should be provided as part of the on-barding process and a record retained of the employees receipt of the Handbook.  Employees should be reminded of the employer’s policies and procedures on an annual basis or where any changes or updates are made to them.
• Conduct a regular review of employment policies and procedures.
• Ensure regular training is provided to employees.
• Where an investigation is ongoing and the alleged perpetrator resigns, the investigation must be completed and outcome issued.
• Consider if mediation is appropriate in the circumstances.
• Ensure company policies reflect Irish Law.

To view this article in full see https://issuu.com/256media/docs/parchment_summer_2023-flipbook?e=16581915/97470438

BUYING PII MORE DIFFICULT IN ENGLAND AND WALES

On the 24 July 2023, the Law Society’s Top Stories discussed a report from the Law Society of England and Wales on trends in PII based on a survey of 600 law firms and sole practitioners that took out PII between November 2022 and February 2023.

• It states more than 7 out of 10 law firms in England and Wales are still without cyber-insurance.
• Toughest market conditions for 20 years hiked operating costs at every size of firm.
• The median cost of compulsory cover rose most at firms with between 5 and 10 partners – a 23% rise to £140,000 in the last financial year and sole practitioners saw a 15% rise.
• 2 insurers have over 40% of the market – Travelers with 28% and Sompo with 14%

To view this story in full see https://www.lawsociety.ie/gazette/top-stories/2023/july/buying-pii-more-difficult-in-england-and-wales